In a typical purchase transaction, a consumer may use a portable consumer device to pay for goods or services from a merchant. It is important to ensure that the consumer is the authorized user of the portable consumer device that is used to make the purchase. Otherwise, the issuers of such portable consumer devices, merchants, consumers, etc. are at risk of losing money. Further, if consumers perceive that buying goods and services using such portable consumer devices is not safe and secure, they may be inhibited from using them. Ensuring that a consumer is an authorized user of a portable consumer device becomes especially important in situations where the consumer is not making the purchase in person, but rather is making the purchase online, through the mail, or over the phone.
To address the issue of unauthorized use or fraudulent purchases, many solutions have been developed. One example is the Verified by Visa™ service that enables an issuer to verify ownership of a portable consumer device during an online purchase. Once activated, a consumer can shop online at any participating online merchant using that portable consumer device and a password. Each time the consumer shops online at the participating merchant, he will see a Verified by Visa™ window. This window is used to allow the consumer to enter information that is authenticated by the issuer of the personal consumer device. After verifying the consumer's identity, the issuer creates and sends an authentication response to the merchant, who can thereafter decide to proceed or not proceed with the transaction.
These types of solutions help give consumers more confidence to make purchases over the Internet and also allow issuers, acquirers, and merchants to enjoy increased online transaction volumes and reduced exposure to fraud.
However, there are many business models that have emerged that are not conducive to prompting the consumer for a password each time the consumer makes a purchase online. For example, a consumer may have set up a recurring payment for a particular good or service so that the bills for these goods or services can be paid automatically each month, a consumer may regularly make small purchases (e.g., a micro-payment) such as buying songs online, or a merchant may have set up a one-step online payment so a regular consumer can simply click one button to make a purchase, instead of re-entering his billing information every time. These business models were designed specifically to save time and effort for the consumer, allowing the consumer to make a purchase in as few steps as possible. Merchants using these business models have been reluctant to adopt an authentication solution where they will be obligated to prompt the consumer for a password or other form of identification every time a purchase is made. Thus, a different solution is needed to authenticate consumers under these business models to ensure authentication and lower the risk of unauthorized use and fraud, but still allow for an easy and quick process for a consumer making a payment transaction.
Embodiments of the invention address these and other problems individually and collectively.